
5 ^ establishing an association between said one or more protection domains^and one or 

6 more classes of one or more objects; and 

7 determining whether an action requested by a particular object is permitted based on 

8 said association between said one or more protection domains and said one or 

9 more classes. 

1 2. (NOT AMENDED) The method of Claim 1 , wherein: 

2 at least one protection domain of said one or more protection domains is associated 

3 with a code identifier; 

4 at least one class of said one or more classes is associated with said code identifier; 

5 and 

6 the step of establishing an association between said one or more protection domains 

7 and said one or more classes of one or more objects further includes the step 

8 of associating said one or more protection domains and said one or more 

9 classes based on said code identifier. 

1 3 . (NOT AMENDED) The method of Claim 2, wherein said code identifier indicates a 

2 source of code used to define each class of said one or more classes. 

1 4. (NOT AMENDED) The method of Claim 2, wherein said code identifier indicates a 

2 key associated with each class of said one or more classes. 

1 5. (NOT AMENDED) The method of Claim 2, wherein said code identifier indicates a 

2 source of code used to define each class of said one or more classes and indicates a 

3 key associated with each class of said one or more classes. 
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t 1 6. (NOT AMENDED) The method of Claim 2, wherein the step of associating said one 

2 or more protection domains and said one or more classes based on said code identifier 

3 further includes associating said one or more protection domains and said one or more 

4 classes based on data persistently stored, wherein said data associates code identifiers 

5 with a set of one or more permissions. 

1 7. (NOT AMENDED) A method of providing security, the method comprising the steps 

2 of: 

3 establishing one or more protection domains, wherein a protection domain is 

4 associated with zero or more permissions; 

5 establishing an association between said one or more protection domains and one or 

6 more sources of code; and 

7 in response to executing code making a request to perform an action, determining 

8 whether said request is permitted based on a source of said code making said 

9 request and said association between said one or more protection domains and 
10 said one or more sources of code. 

1 8. (NOT AMENDED) The method of Claim 7, wherein the step of establishing an 

2 association between said one or more protection domains and said one or more 

3 sources of code further includes establishing an association between said one or more 

4 protection domains and said one or more sources of code and one or more keys 

5 associated with said one or more sources of code. 

1 9. (NOT AMENDED) The method of Claim 8, wherein the step of establishing an 

2 association between said one or more protection domains and said one or more 
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/ . 3 sources of code and said one or more keys associated with said one or more sources 

/ \ 
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4 of code further includes establishing said association between said one or more 

5 protection domains and said one or more sources of code and said one or more keys 

6 associated with said one or more sources of code based on data persistently stored, 

7 wherein said data associates particular sources of code and particular keys with a set 
8 of one or mor^ermissions. 

1 10. (AMENDED) A computer-readable medium carrying one or more sequences of one 

2 or more instructions, [wherein the execution of] the one or more sequences of the one 

3 or more instructions including instructions which, when executed by one or more 

4 processors, causes the one or more processors to perform the steps of: 

5 establishing one or more protection domains, wherein a protection domain is 

6 associated with zero or more permissions; 

7 establishing an association between said one or more protection domains and one or 

8 more classes of one or more objects; and 

9 determining whether an action requested by a particular object is permitted based on 

10 said association between said one or more protection domains and said one or 

1 1 more classes. 




1 11. (NOT AMENDED) The computer readable medium of Claim 1 0, wherein: 

2 at least one protection domain of said one or more protection domains is associated 



\J 3 with a code identifier; 



* 4 at least one class of said one or more classes is associated with said code identifier; 

li 

5 and 
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* 6 the step of establishing an association between said one or more protection domains 

7 and said one or more classes of one or more objects further includes the step 

8 of associating said one or more protection domains and said one or more 

9 classes based on said code identifier. 

1 12. (NOT AMENDED) The computer readable medium of Claim 11, wherein said code 

2 identifier indicates a source of code used to define each class of said one or more 

3 classes. 

1 13. (NOT AMENDED) The computer readable medium of Claim 1 1 , wherein said code 

2 identifier indicates a key associated with each class of said one or more classes. 

1 14. (NOT AMENDED) The computer readable medium of Claim 11, wherein said code 

2 identifier indicates a source of code used to define each class of said one or more 

3 classes and indicates a key associated with each class of said one or more classes. 

1 15. (NOT AMENDED) The computer readable medium of Claim 14, wherein the step of 

2 associating said one or more protection domains and said one or more classes based 

3 on said code identifier further includes associating said one or more protection 

4 domains and said one or more classes based on data persistently stored, wherein said 

5 data associates code identifiers with a set of one or more permissions. 

1 16. (NOT AMENDED) A computer-readable medium carrying one or more sequences of 

2 one or more instructions, wherein the execution of the one or more sequences of the 

3 one or more instructions causes the one or more processors to perform the steps of: 
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' 4 establishing one or more protection domains, wherein a protection domain is 

5 associated with zero or more permissions; 

6 establishing an association between said one or more protection domains and one or 

7 more sources of code; and 

8 in response to executing code making a request to perform an action, determining 

9 whether said request is permitted based on a source of said code making said 

10 request and said association between said one or more protection domains and 

1 1 said one or more sources of code. 

1 17. (NOT AMENDED) The computer readable medium of Claim 16, wherein the step of 

2 establishing an association between said one or more protection domains and said one 

3 or more sources of code further includes establishing an association between said one 

4 or more protection domains and said one or more sources of code and one or more 

5 keys associated with said one or more sources of code. 

1 18. (NOT AMENDED) The computer readable medium of Claim 1 7 5 wherein the step of 

2 establishing an association between said one or more protection domains and said one 

3 or more sources of code and said one or more keys associated with said one or more 

4 sources of code further includes establishing said association between said one or 

5 more protection domains and said one or more sources of code and said one or more 

6 keys associated with said one or more sources of code based on data persistently 

7 stored, wherein said data associates particular sources of code and particular keys 

8 with a set of one or more permissions. 
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1 19. (NOT AMENDED) A computer system comprising: 

2 a processor; 

3 a memory coupled to said processor; 

4 one or more protection domains stored as objects in said memory, wherein each 

5 protection domain is associated with zero or more permissions; 

6 a domain mapping object stored in said memory, said domain mapping object 

7 establishing an association between said one or more protection domains and 

8 one or more classes of one or more objects; and 

9 said processor being configured to determine whether an action requested by a 

10 particular object is permitted based on said association between said one or 

1 1 more protection domains and said one or more classes. 

1 20. (NOT AMENDED) The computer system of Claim 19, wherein: 

2 at least one protection domain of said one or more protection domains is associated 

3 with a code identifier; 

4 at least one class of said one or more classes is associated with said code identifier; 

5 and 

6 said computer system further comprises said processor configured to establish an 

7 association between said one or more protection domains and said one or more 

8 classes of one or more objects by associating said one or more protection 

9 domains and said one or more classes based on said code identifier. 

1 21. (NOT AMENDED) The computer system of Claim 20, wherein said code identifier 

2 indicates a source of code used to define each class of said one or more classes. 
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1 22. (NOT AMENDED) The computer system of Claim 20, wherein said code identifier 

2 indicates a key associated with each class of said one or more classes. 

1 23. (NOT AMENDED) The computer system of Claim 20, wherein said code identifier 

2 indicates a source of code used to define each class of said one or more classes and 

3 indicates a key associated with each class of said one or more classes. 

1 24. (NOT AMENDED) The computer system of claim 20, further comprising said 

2 processor configured to associate said one or more protection domains and said one or 

3 more classes based on said code identifier by associating said one or more protection 

4 domains and said one or more classes based on data persistently stored in said 

5 computer system, wherein said data associates code identifiers with a set of one or 

6 more permissions. 
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